The internet has many articles recommending ways to close a browser popup window without infecting your computer with malware. I've seen click the red X, use ALT-F4, go to the windows task bar, right click on your browser's icon and do a close window, click file-exit in the browser. I believe all of the above recommendations, while easy to perform by the user, can be intercepted with a javascript function call which means performing those recommendations could download malware onto your computer. And the only safe way to close a popup window is through task manager and killing the browser process. Is that correct or are some of the recommendations mentioned above really safe to perform when closing a popup window?

JavaScript can also run on the window opening, or the page loading, etc. So its seems like, if you have a security vulnerability that lets JavaScript own your machine, you've already lost.
–
derobertJul 3 '13 at 17:09

4 Answers
4

Alt+F4 / Taskbar>Exit / Browser>File>Exit --> Javascript can indeed trigger an action on page close (which also happens on exiting the browser because the page has to be closed to do so - just tested while writing this post)

Therefore it is correct to say that the safest option is to to Ctrl+Alt+Del and kill the process. This is safe because (in Windows) Ctrl+Alt+Del is a secure key combination that can only be intercepted by the OS, so it can't trigger any Javascript in the browser (it can't trigger anything actually).

The Ctrl+Alt+Del link above also has some commentary about what it does in other Operating Systems.

Do note that not every browser will handle this the same. Chrome runs each tab in a separate process, whereas other browsers may run everything in one process: killing this process kills everything.
–
Naftuli Tzvi KayMar 19 '14 at 22:20

You should kill the process immediately by using CTRL+ALT+DEL and viewing the process list in the task manager.

Prevention is better than curing. You should consider a pop up blocker. Instead of closing it, you prevent it from being opened in the first place. If you then actually need the popup you can simply allow it by clicking "allow popup".

This will prevent annoying or malicious popups to be executed. If you are in a situation where you are panicking and really don't know what to do, then killing the process is your best bet.

Unfortunately, there is no simple way to identify which of the dozens of processes shown in Windows Task Manager corresponds to the pop-up and should be killed. In fact, in the Chrome browser I just had a pop-up which did not add to the 50 processes as an extra process. The only way to safely close the popup window is then to close the browser entirely by Ctrl-Alt-Del then clicking the Applications tab of Windows Task Manager. This loses all the tabs open - a real nuisance when you've been researching a complex topic for an hour. These tabs can then be laboriously recovered from History in Chrome, but the effort tends to discourage one from using this approach instead of taking a chance on just clicking the red X.